Risk management is critical for enterprises embarking on new IT projects and plans. There's the risk of offshore outsourcing -- how do you ensure your data is safe in the hands of a worker in another country? There are also risks in managing compliance efforts. These include closing down your company or losing your position if the job isn't done correctly. How do CIOs calculate and manage risk? Take a look at the enterprise risk management strategies in this CIO Briefing for insight and advice on this important topic.

This guide is part of SearchCIO.com's CIO Briefings series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of the topics covered to date, visit the CIO Briefings section.

The news headlines continue: systems failures, data breaches, project delays, troubled products, trading failures, money laundering through mobile networks. These are just some of the sinkholes in operational-risk land related to information technology. The question is, why? Why do they keep coming despite efforts to prevent them?

"Why can't I just get a single view of risk to the business, especially a particular business activity or process? What makes this so difficult?" an exasperated CIO asked me at an executive briefing held by a chapter of the ISACA IT security organization after I discussed IT-related business risk. "One bad business-IT decision killed our company!"

Analyzing IT-related risk in silos leaves gaps and frustrates business leaders. Responding to IT risk in silos increases cost, creates prioritization errors and unleashes other gremlins. Silos can lead to both fundamental errors (such as thinking that IT security equals IT risk management, or that IT compliance equals IT risk management) and more complex errors (such as missing the ways risks in a shared infrastructure affect business processes).

How risk management standards can work for enterprise IT

Every organization should be able to articulate how IT threats can harm a business. Forrester Research Analyst Chris McClean explains how a five-step risk management strategy, based on a risk management standard like ISO 31000, makes it easier to explain how IT threats become business threats.

Developing corporate social media policies is an ongoing experiment akin to the struggle enterprises endured when the Internet and email were introduced as business tools. Enterprises should not assume, however, that the policies they developed over many years for Internet and email use are a perfect fit for social media.

"Companies are making a mistake when they say social media is the same as email and chat," said Julie E. LeMoine, a collaboration expert who recently codeveloped a large financial services firm's social media policies. "There's enough that is different about social media that you need to be blunt and state the [rules of behavior] again, even if they're the same words [used for older e-communications policies] -- which I doubt they will be."

For starters, e-discovery policies will change, given the free-for-all nature of social networking, according to Stew Sutton, principal scientist for knowledge management at The Aerospace Corp., a federally funded research and development center in El Segundo, Calif. His organization has no limits on email retention, but with "social conversations, wikis, blogs and tweet streams, the mass of data sitting out there becomes a problem," he said. The issues can make e-discovery "extremely costly."

Following the recent downtime and data breaches at top-tier cloud service providers including Amazon Web Services LLC, Sony Corp. and Epsilon Data Management LLC, the risk deck has been shuffled at enterprises looking to move to hybrid cloud computing. Two risks that lurked in the middle of our top 10 list -- liability and identity management -- have floated to the top.

Once again, enterprise executives are talking about the need for cloud insurance, or at least a discussion about who is responsible when the cloud goes down. Presently, public clouds offer standardized service-level agreements, or SLAs, that offer remuneration for time -- but not for potential business -- lost during the downtime. Recent events could be opportunities for providers and CIOs to negotiate premium availability services, according to experts.

This is part of a SearchCIO.com Q&A with Wayne Mekjian, executive vice president and CIO of information services at Wells Fargo & Co., and Martin Davis, executive vice president and head of the company’s technology integration office, about the technology integration of Wells Fargo and Wachovia. In this interview, Mekjian and Davis share advice on avoiding integration pitfalls and explain how they created an “air space analysis” system and methodology to avert integration disasters. In “Wells Fargo and Wachovia: The technology integration of two giants,” Mekjian and Davis explained how they created a blended Wells Fargo/Wachovia technology model to begin converting 70 million banking customers while keeping service interruptions to a minimum.

The Wells Fargo and Wachovia merger creates a financial services organization with $1.3 trillion in assets and 280,000 employees. The technology integration encompasses 80 lines of business and 4,000 application bundles and involves more than a dozen CIOs, as well as integration leaders assigned to each line of business.
